It’s got almost all the bells and whistles. There’s dual Ethernet ports, Bluetooth with 1000′ range, and WiFi with a high gain antenna. The SoC inside comes with Debian 6 and all the exploit tools you might want pre-loaded. There’s even a 3G adapter, but it’s external and not pictured above. The thing is, for a pre-order price-tag of $1,295 we think that 3G should have been internalized and come with a lifetime unlimited data plan! That could be a bit overboard… our heads are still spinning from the sticker shock.

This isn’t the first time we’ve seen hardware from this company. Their Pwn Plug was used in this project. We just didn’t catch the $595 price tag for that device until now.

Hey, thanks for publishing! I’m the CTO at Pwnie Express and wanted to give a little background on what you’re getting for the $$.

We’re not simply selling pentesting hardware. I’d encourage you to check out sites like AceHackware / Hak5 / etc or build your own if you’re interested in that!

PX is building a supported platform for easy, in-depth penetration testing. We ship both OSS and commercial tools on the plug to give you an initial toolkit (which we’re expanding and building upon thanks to sales #’s).

We also automate much of the process of taking your initial (physical) access and turn it into remote compromise. We’ll be automating more and more as we build upon our 1.1 feature set.

Note that we provide a community image that allows you to buy a stock sheevaplug or nokia N900 and load it on. We definitely want to encourage this!

And we’re finding lots of folks (.gov included) will just pay for it for the support and ease-of-use/deployment.

Definitely appreciate the feedback, and hit us up on twitter or at info _at_ pwnieexpres _dot_ com if you want more details!

I didn’t see anything wrong with what he posted. He directly answered issues brought up in the article and comments. Now, if he had just jumped into the comments and said all this when the article was about building your own or something else entirely, then you would have a legitimate complaint about marketing. When your product is being castigated for its cost and its toolkit, he has every right to answer them.

The price of any product on a free market is determined by the amount of money someone is willing to pay for it. If the thing is produced for less, you make profit. If the thing is produced for more, you’ll go bankrupt. Welcome to capitalism :)

I’ve seen modern power strips of all shapes and sizes. Many of which now-a-days are equipped with two USB ports due to the fact 90% of mobile electronics use them to charge. Lots of phones now just come with a USB wall wart and expect you to use your data cable as your charging cable as well.

This article makes me realise that if you add a custom software module to the thing I’m designing at the moment, you would have a lightweight $70 version of this.. Might be some happy black hats on kickstarter later this year :)

Why would anybody trust these people enough to do business with them? I’d have to assume their devices have the potential to contain “features” they don’t advertise and may not be in the buyers’ interests.

Those whining about the price are clearly not professional engineers, or if they are they are so used to extensive cost reduction of designs that they can’t see the forest for the trees.

The price tag does not reflect the price of the hardware, but that of the time and engineering that went into it. The market for this product does not want to commit its own engineering time/resources to something similar. This is a low volume niche product, and as such can demand the price they are asking.

If you think you can make “the same thing” for less go for it. This is not just a raspberry pi and a power strip folks… Keep track of the hours you have working on it and see how much it costs taking that into account…

The value comes from the cost of the time of the developers… they *are* charging for the value of the thing. Skill wasn’t aquired for free, so why should it be given away for free?

As to the pay rate of an engineer, or a doctor, or a mechanic, or a physicist, etc… versus a lower-paying gob like a housekeeper or green grocer or some other lower-paying job, pay is largely a function of perceived worth. Any of those higher-wage jobs could do housekeeping or retail work if pressed to do so, but housekeepers or clerks couldn’t necessarily do the higher-paid work at the same pace and level of precision required… if they could, then they should be doing something more deserving of their latent skill set.

I can engineer it in 60 seconds, 5 minutes if I did not already know of the sheeva plug. So a $1000 markup of the hardware is warranted for 5 minutes of internet searching and 1 hour of tinkering on a bench?

yes 1 hour, if you have a full tool kit on your bench you can take any of the APC UPS power strips or other brands and make this Exact device. Hell give me another 30 minutes and it will have a Wifi chipset that will actually go into promiscuous mode and just sit there and listen instead of the Atheros chipset that is on the sheevaplug in this that will NOT sit and sniff undetected.

Add another 10 minutes and I can make that Ethernet passthrough act as a passthrough but silently sniff all the traffic that passes through it. No detection at all possible by equipment on the lan. Then the 3G modem inside sends all the data home out of band to further get around any detection on the network.

Theirs I am certain does not do any of that. Or just take a stock sheeva plug and slap an HP sticker on it. and add a simple payload to act like a jetdirect. slap it on a printer in the office and configure it to the same IP address the printer was at. it could go years undetected.

Then step up! Start a business making and supporting this sort of device. Sounds like you’re a couple versions beyond the progress of the company in the article, so why not leverage that into some value for yourself. If it’s that easy for you, for heaven’s sake, go do it. It’s clear that government and non-government entities alike would be interested in this sort of product, and there aren’t that many players in the market… If I had the skill-set you claim to have, I’d be typing less and prototyping more!

So, in that time you can design everything into a safe enclosure, get all the required certifications of the product? Would this be something that would “just work out of the box” like this? You would be inundated with support requests because you didn’t take time to ensure that everything works without a hitch, not merely the features that you are interested in.

You are truly showing your ignorance as to what it takes to commercialize a product.

I agree that they are obviously advertising, and i know for a fact that Debian 6 is under a Creative Commons license, but that license doesn’t cover Commercial use (sadly). the problem with the device being advertised here is that this site is for people who would rather do things themselves, especially when it comes to niche things like this,

It is purely of my opinion, too many ads sneaking into HAD. Leave this stuff for engadget. I enjoy the DIY and Hacker aspect of this site, not the Look who is selling a comercial product. (sure I sell a few things, but they are all diy based pieces)

I didn’t see it as advertising at all. I see it as showing a novel and cool product that could be re-created by the talented people who frequent this site. I see it as a challenge. There have been many products showcased here that have been copied from scratch, usually cheaper and with innovative new features. Look at all the 3D printers that users have built here.